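# Account sign-up, login, logout and password recovery.
#
# The signed-in user is stored in session[:user]. User, login_required and
# redirect_to_stored are defined outside this file.
class AccountController < ApplicationController

  # NOTE(review): 'change_password' is protected here, but no such action is
  # defined in this class as shown.
  before_filter :login_required, :only => ['welcome', 'change_password', 'hidden']

  # GET builds an empty User for the form. POST saves the submitted user and,
  # on success, signs the new account in and redirects to +welcome+.
  def signup
    # NOTE(review): params[:user] reaches User.new unfiltered, so the client
    # decides which attributes are assigned. Confirm the User model restricts
    # mass assignment (e.g. attr_accessible) to the fields the form offers.
    # Uses the params accessor, like the other actions, instead of @params.
    @user = User.new(params[:user])
    return unless request.post?

    if @user.save
      session[:user] = User.authenticate(@user.login, @user.password)
      flash[:notice] = "Signup successful"
      redirect_to :action => "welcome"
    else
      flash[:warning] = "Signup unsuccessful"
    end
  end

  # GET renders the login form. POST checks the submitted credentials and, on
  # success, stores the authenticated user in the session and redirects via
  # redirect_to_stored.
  def login
    return unless request.post?

    # A POST without a user[...] hash is treated as a failed login instead of
    # raising on nil and answering with a 500.
    form = submitted_user_fields

    # NOTE(review): the session id is not rotated when a login succeeds.
    # Calling reset_session before storing the user would prevent session
    # fixation, but redirect_to_stored may read its target from the session.
    # Confirm that before changing this.
    session[:user] = User.authenticate(form[:login], form[:password])
    if session[:user]
      flash[:notice] = "Login successful"
      redirect_to_stored
    else
      flash[:warning] = "Login unsuccessful"
    end
  end

  # Signs the user out by clearing session[:user], then redirects to +login+.
  def logout
    # Only the :user key is cleared; everything else in the session is kept.
    session[:user] = nil
    flash[:notice] = "Logged out"
    redirect_to :action => "login"
  end

  # GET renders the form. POST looks the account up by email and asks it to
  # send a new password.
  def forgot_password
    return unless request.post?

    # A missing or empty address is never looked up: find_by_email(nil) would
    # otherwise match an account whose email column is NULL.
    email = submitted_user_fields[:email].to_s
    account = email.empty? ? nil : User.find_by_email(email)

    # NOTE(review): the two messages below tell the requester whether an
    # address is registered. Consider one neutral response for both outcomes,
    # plus rate limiting. If send_new_password replaces the current password
    # (not visible here), anyone who knows an address can force a reset; a
    # time-limited reset link avoids that.
    if account && account.send_new_password
      flash[:notice] = "A new password has been sent by email."
      redirect_to :action => "login"
    else
      flash[:warning] = "Could not send new password."
    end
  end

  # Empty action; listed in the login_required filter above.
  def welcome
  end

  # Empty action; listed in the login_required filter above.
  def hidden
  end

  private

  # Returns the submitted user[...] fields, or an empty hash when the request
  # carries none or carries a non-hash value such as a bare string.
  def submitted_user_fields
    fields = params[:user]
    fields.respond_to?(:key?) ? fields : {}
  end
end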
